lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201004221529.o3MFTvTY031828@www3.securityfocus.com>
Date: Thu, 22 Apr 2010 09:29:57 -0600
From: michael.mueller@...egralis.com
To: bugtraq@...urityfocus.com
Subject: XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp

------------------------------------------------------------------

 XSS and Content Injection in HTC Windows Mobile SMS Preview PopUp
 
 Date: 22.04.2010

-------------------------------------------------------------------

- Description
Windows Mobile shows message previews if configured to do so. Due to missing input validation the contents of a sms is not properly sanitized and interpreted as it is. This can lead to content injection and xss.

- Example
Send a sms with the following sample contents to a Windows Mobile based device which has message preview enabled:

1. <html><head><meta http-equiv="refresh" content="0; URL=http://www.google.de/"></head></html>
2. <script>alert('Thats evil')</script>
3. You know waht you can do with that, find your own...

- Tested on
 HTC Touch Pro 2, Windows Mobile 6.5
 Other devices from HTC are vulnerable too

- Solution
Disable the "Show Message" Option in the notification settings, or if the device is from HTC install the supplied patch for your device (which does the same).

- Credits

The vulnerability was discovered by Michael Mueller from Integralis
michael#dot#mueller#at#integralis#dot#com

Inspired by the Palm WebOS SMS Hack by intrepidusgroup

- Timeline
22.04.2010 - Vulnerabilities discovered
22.04.2010 - Public release

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ